Surveillance Bill – What a load of bollocks.

Today we see a proposal from our wonderful government that is called the Surveillance Bill. This will no doubt be more commonly known as the Snoopers' Charter but would be better described as the Bill written by people who have no fucking idea what they’re talking about.

The key point at issue is that service providers, or ISPs, will be forced to retain 12 months of logs of everyone’s browsing history. The government tell us this will protect us and allow them stronger powers to catch criminals and terrorists. They’re not interested in your shopping history, they say. Well of course they are, but that’s actually a moot point.

Let’s say the bill goes through and my browsing history starts being logged. They’ll get to see the root level domains of the sites I’ve pulled data into my browser from. So they’ll see a lot of hits against twitter.com. They’ll not see which specific pages or images or pieces of code I’ve pulled down, just twitter.com = 34532 hits.

One day I visit Twitter and someone has embedded a link in a tweet that goes to http://www.terrorist.com. I click on it and head off to the terrorist website. I quickly realise my error and close the page, but it’s too late, I’ve visited that site. And not just once, because every request my browser made for the first page of that site creates a hit against the website. The logs will now have a hundred hits against the terrorist website. And feature-rich websites create a huge number of hits just for one page load. Visit the front page of bbc.co.uk and you’re creating hundreds of hits against bbc.co.uk, not just one.

Still, mistakes happen. No-one is going to brand me a terrorist because of a few hits against a website, maybe…

Now I also visit my favourite online forum, toytrains.com (say). This website is as benign as it is possible to be. Lots of men who haven’t grown up discussing toy trains. One chap has found a funny image on the internet and has embedded it as his avatar. Every time his name pops up in my browser, I visit the site where he got the image from. I’m not aware I’m doing this and he’s not aware that it has created this problem, but it’s happening. Trouble is, the image is hosted on the website childporn.com even though it’s nothing malicious. He just searched for an image of a toy train.

With me so far? I’m now a terrorist and a paedo despite me doing absolutely nothing wrong, and because the logging doesn’t capture the detail required to exonerate me, I’m under surveillance.
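An added illustration of the point above, not code from the original post: two constructed browsing sessions, one deliberate visit and one forum thread with a hotlinked avatar, reduced to the domain-plus-hit-count record the post describes. The `.example` hostnames, the request fields and the one-avatar-fetch-per-page-view behaviour are assumptions made for the example.

```python
from collections import Counter
from urllib.parse import urlsplit

FLAGGED = "flagged-site.example"  # constructed stand-in for a watch-listed site

def site_of(url):
    # The constructed hosts all end in the one-label suffix ".example", so the
    # last two labels name the site. Real names such as bbc.co.uk need the
    # Public Suffix List instead.
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def load(page, resources):
    """One page view: the navigation plus every resource the page embeds."""
    return ([{"url": page, "type": "navigation", "page": None}] +
            [{"url": u, "type": "subresource", "page": page} for u in resources])

def retained_record(requests):
    """The log as the post describes it: site -> hit count, nothing else."""
    return Counter(site_of(r["url"]) for r in requests)

def user_navigated_to(requests, site):
    """Answerable only from per-request detail the retained record lacks."""
    return any(r["type"] == "navigation" and site_of(r["url"]) == site
               for r in requests)

# Constructed session A: the user follows a link to the flagged site.
deliberate = load("https://www.flagged-site.example/",
                  ["https://www.flagged-site.example/site.css",
                   "https://www.flagged-site.example/app.js",
                   "https://img.flagged-site.example/banner.png"])

# Constructed session B: four forum page views, each embedding one avatar
# that happens to be hosted on the flagged site (assumed: no caching).
forum_only = []
for n in range(1, 5):
    forum_only += load(f"https://forum.toytrains.example/thread/{n}",
                       ["https://forum.toytrains.example/style.css",
                        "https://img.flagged-site.example/train.png"])

if __name__ == "__main__":
    for name, session in (("deliberate", deliberate), ("forum_only", forum_only)):
        print(name, dict(retained_record(session)),
              "navigated to flagged site:", user_navigated_to(session, FLAGGED))
```

Both sessions leave the same count against the flagged site in the retained record; only the discarded per-request fields tell them apart.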

And there’s the evidence you need to tell you the authorities will not use this information as they say they will to support investigations, they will use the logs TO IDENTIFY WHO THEY WILL MONITOR. The logs are worthless in supporting a criminal investigation, they are only useful to identify potential suspects.

Let’s go one step further. Let’s say I actually am a terrorist. Because everyone knows the government are logging my browsing history, I’d be completely fucking insane to actually go to terrorist.com because I know that’d put me on a watch list. So I’ll try and cover my steps. This isn’t particularly difficult by the way, there are many ways of achieving this that laypeople can quite easily get their heads round. People who understand these things can get round them with a lot more options. I absolutely guarantee that if I was a terrorist (I’m not) and was highly tech savvy (I am) they would never be able to track me in a million years. I will further guarantee that they would not even be able to work out that I was trying to bypass their logging. And if I was a tech savvy terrorist, I’d tell all my other terrorist mates how to do this as well. No, government, you’ll not catch me that way.

So who else can I catch?

Well, I’m going to see a lot of people visiting malicious websites. Not because they’re criminals: they’re victims of phishing attacks, their devices have been compromised or a hacker is using their machine to do shit with. (Remember those additional options I mentioned for tech savvy people? Subverting your machine to do my bidding is one of those options. You know, if I was that way inclined.) So we’ll see a load of innocent people fingered for stuff they didn’t even know was going on.

And let’s not forget, the logs captured from 60 million people browsing the internet are going to be absolutely astronomical. I capture web logs for only a few thousand people in work and that data is difficult to store, process and sanitise.

Edit: I’ve thought some more too. My company has about 8000 people behind our proxy. If a log is created that the authorities want to investigate from our IP address, they’ll need to come to me to find out which individual in my company it was. I might not be able to tell them. I might not *want* to tell them. What happens then?

See also shared broadband links.

So. We’re going to see the online activities of some dumb criminals, some dumb terrorists, plenty of victims, plenty of innocent people and a load of uninteresting nonsense and while I believe the politicians involved may not understand this, I sure as hell know their advisers do.

So why are they doing this?

Conjecture time.

Number one reason is the politicians don’t understand, haven’t listened to the advice they have been given properly and think this is something that will actually provide some real value in protecting our (oops, *their*) interests.

They want to create a Minority Report-type world where they can pre-empt crimes by capturing interest at an early stage.

They actually do want to peruse your shopping data, and online activity in general, because knowing what the general population is looking at is a great way to control the general population.

And you know what? Option 3 is looking a lot more realistic now, isn’t it?